org.raml.parser.loader.FileResourceLoader Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of raml-parser Show documentation
Show all versions of raml-parser Show documentation
Java implementation of the raml parser taken from https://github.com/raml-org/raml-java-parser and adjusted
/*
* Copyright 2013 (c) MuleSoft, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the License.
*/
package org.raml.parser.loader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class FileResourceLoader implements ResourceLoader
{
private static final Logger LOG = LoggerFactory.getLogger(FileResourceLoader.class);
private final File parentPath;
protected final Logger logger = LoggerFactory.getLogger(getClass());
public FileResourceLoader(final String path)
{
this(new File(path));
}
public FileResourceLoader(final File path)
{
this.parentPath = path;
}
@Override
public InputStream fetchResource(final String resourceName)
{
final File includedFile = new File(parentPath, resourceName);
if (!includedFile.exists())
{
return null;
}
sanitizePath(Paths.get(parentPath.getAbsolutePath()), Paths.get(resourceName));
final FileInputStream inputStream = null;
if (logger.isDebugEnabled())
{
logger.debug(String.format("Looking for resource: %s on directory: %s...", resourceName, parentPath));
}
try
{
return new FileInputStream(includedFile);
}
catch (final FileNotFoundException e)
{
// ignore
}
return inputStream;
}
/**
* Method to sanitize given path accordingly to allowed root application folder.
*
* @param rootPath a top level accessible folder path
* @param requestedPath the requested relative path
* @throws IllegalArgumentException throw in case the given requestedPath is
*
* - absolute path
* - can not be represented in canonical way
* - is traverses up the the folder structure out of the rootPath bounds
*
*/
private void sanitizePath(final Path rootPath, final Path requestedPath)//
{
if (requestedPath.isAbsolute())
{
LOG.error("Not allowed to access directly absolute path " + requestedPath);
throw new IllegalArgumentException("Not allowed to access directly absolute paths.");
}
final Path normalizedRequestedPath = rootPath.resolve(requestedPath).normalize();
final Path normalizedServletRootPath = rootPath.normalize();
if (!normalizedRequestedPath.startsWith(normalizedServletRootPath))
{
LOG.error("Requested resource " + requestedPath + " is not relatively located inside the allowed web application "
+ "root folder " + rootPath);
throw new IllegalArgumentException("Requested resource is not relatively located inside the allowed web application "
+ "root folder.");
}
}
}